Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/sSPz7KsWNIMKyyRHlSkiZwosgKw.roa
File:                     sSPz7KsWNIMKyyRHlSkiZwosgKw.roa (raw, json)
Hash identifier:          wjM7pq8MRvpOQBEJDje34R/IkWbdszEvqnHRsuBbId4=
Subject key identifier:   B1:23:F3:EC:AB:16:34:83:0A:CB:24:47:95:29:22:67:0A:2C:80:AC
Certificate issuer:       /CN=a5abc43afced72fb92778728bee571c678f53853
Certificate serial:       019422FAFB51AB0364ACA5101A1544614B02
Authority key identifier: A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/sSPz7KsWNIMKyyRHlSkiZwosgKw.roa
Signing time:             Wed 01 Jan 2025 17:47:41 +0000
ROA not before:           Wed 01 Jan 2025 17:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34000
IP address blocks:        83.97.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fb:51:ab:03:64:ac:a5:10:1a:15:44:61:4b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5abc43afced72fb92778728bee571c678f53853
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b123f3ecab1634830acb2447952922670a2c80ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:de:95:b8:1b:82:2c:da:26:3c:3c:97:ab:58:
                    11:74:ea:90:0b:94:71:e5:5e:bb:a2:9f:f2:97:58:
                    20:df:10:71:fc:17:95:fd:1d:8c:b5:63:e3:7a:db:
                    ad:77:0d:ea:f0:9a:d1:0f:24:b3:c3:2d:74:fb:1a:
                    8d:4f:c7:7b:ed:12:e8:91:b2:75:37:fe:ef:b1:6d:
                    80:f6:ff:a0:dc:6d:e6:dd:44:67:aa:0a:89:a5:98:
                    77:0c:83:46:9a:e4:d8:90:66:77:49:78:20:e9:d8:
                    e3:5e:8c:e8:ce:85:ef:bb:b3:8a:91:83:65:a1:9d:
                    59:05:fc:76:87:01:b7:3a:77:57:70:f1:c1:da:07:
                    11:c6:6c:b1:f4:ab:94:b0:a1:95:8b:b4:8b:c7:b8:
                    32:da:6b:e5:62:15:12:bf:54:59:72:01:3c:5e:42:
                    a2:18:e3:8c:1f:92:83:3e:72:a9:11:89:af:5f:15:
                    ad:83:2d:8e:18:7e:bd:8c:a8:09:c5:6c:cf:a7:ea:
                    b5:fb:bb:f1:c0:c4:89:8a:76:c3:e3:97:ef:27:87:
                    ed:a9:36:4d:86:99:9f:4f:41:83:96:71:fc:28:28:
                    3f:7c:52:ad:45:7f:00:54:ae:20:35:ea:57:b8:68:
                    50:3a:67:21:d0:fc:62:38:ed:44:0b:e9:ac:cb:bc:
                    29:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:23:F3:EC:AB:16:34:83:0A:CB:24:47:95:29:22:67:0A:2C:80:AC
            X509v3 Authority Key Identifier:
                keyid:A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/sSPz7KsWNIMKyyRHlSkiZwosgKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         e0:62:cd:43:35:c3:e9:ee:30:03:06:0c:22:91:1f:01:49:0d:
         b1:2b:40:49:59:48:ed:03:7b:a4:f6:39:21:e9:b0:8d:fe:43:
         e2:02:05:7d:5d:f7:8e:8f:6f:a8:a6:4b:b5:8b:9d:da:fe:df:
         05:79:a7:fe:8a:db:69:87:90:3a:67:71:40:e3:55:5e:97:89:
         43:02:eb:d7:83:04:94:38:a1:5c:c1:18:dc:8c:a5:3d:fb:69:
         e4:0e:c5:1c:f5:45:8c:63:47:d7:cf:97:24:81:e1:c8:f2:ff:
         59:83:00:9a:8e:8d:6f:1d:d7:ca:28:01:ea:c3:26:6e:d1:f7:
         b0:e4:8f:26:ea:3f:f2:c9:7d:e3:0d:d2:92:7b:43:f7:e3:46:
         f4:e6:12:bf:b8:02:d2:a0:79:13:38:8b:94:3e:dd:71:23:88:
         a8:4d:2e:02:1f:63:a5:88:3a:ff:38:a9:9e:e2:b3:f0:27:f9:
         6d:97:45:b8:f0:ec:c0:03:5c:87:5e:ad:cd:4d:0d:38:ae:15:
         92:9b:56:53:63:91:9b:de:fc:4f:d4:05:ad:40:6c:b7:36:f9:
         b7:a4:fe:d6:43:a5:a6:f3:67:2c:18:ff:3b:4b:4a:ad:ad:67:
         4a:6d:68:05:21:df:b6:02:fe:06:92:32:72:bd:a6:ac:87:66:
         67:23:d6:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+vtRqwNkrKUQGhVEYUsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWJjNDNhZmNlZDcyZmI5Mjc3ODcyOGJlZTU3MWM2Nzhm
NTM4NTMwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTIzZjNlY2FiMTYzNDgzMGFjYjI0NDc5NTI5MjI2NzBhMmM4MGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA496VuBuCLNomPDyXq1gRdOqQC5Rx
5V67op/yl1gg3xBx/BeV/R2MtWPjetutdw3q8JrRDySzwy10+xqNT8d77RLokbJ1
N/7vsW2A9v+g3G3m3URnqgqJpZh3DINGmuTYkGZ3SXgg6djjXozozoXvu7OKkYNl
oZ1ZBfx2hwG3OndXcPHB2gcRxmyx9KuUsKGVi7SLx7gy2mvlYhUSv1RZcgE8XkKi
GOOMH5KDPnKpEYmvXxWtgy2OGH69jKgJxWzPp+q1+7vxwMSJinbD45fvJ4ftqTZN
hpmfT0GDlnH8KCg/fFKtRX8AVK4gNepXuGhQOmch0PxiOO1EC+msy7wpWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEj8+yrFjSDCsskR5UpImcKLICsMB8GA1UdIwQY
MBaAFKWrxDr87XL7kneHKL7lccZ49ThTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTct
YjVlOTFmYzY1MDUxLzEvc1NQejdLc1dOSU1LeXlSSGxTa2lad29zZ0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTctYjVlOTFmYzY1MDUx
LzEvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU2E4MA0G
CSqGSIb3DQEBCwUAA4IBAQDgYs1DNcPp7jADBgwikR8BSQ2xK0BJWUjtA3uk9jkh
6bCN/kPiAgV9XfeOj2+opku1i53a/t8Feaf+ittph5A6Z3FA41Vel4lDAuvXgwSU
OKFcwRjcjKU9+2nkDsUc9UWMY0fXz5ckgeHI8v9ZgwCajo1vHdfKKAHqwyZu0few
5I8m6j/yyX3jDdKSe0P340b05hK/uALSoHkTOIuUPt1xI4ioTS4CH2OliDr/OKme
4rPwJ/ltl0W48OzAA1yHXq3NTQ04rhWSm1ZTY5Gb3vxP1AWtQGy3Nvm3pP7WQ6Wm
82csGP87S0qtrWdKbWgFId+2Av4GkjJyvaash2ZnI9Y0
-----END CERTIFICATE-----